Key Takeaways
- Raydium suffered a roughly $1.3 million exploit after an attacker manipulated a fake token supply to drain five legacy liquidity pools.
- The stolen assets included approximately 150,177 RAY, 5,603 SOL, and 893,700 USDC from deprecated AMM V3 pools that had been phased out in 2021.
- Raydium said current users and active liquidity pools were not affected, as the vulnerable pools were no longer accessible through the platform’s user interface.
A security breach has hit Solana-based decentralized exchange Raydium, with attackers stealing approximately $1.3 million in crypto assets by exploiting outdated liquidity pools that had remained on-chain for years. The incident has renewed concerns over the security risks posed by legacy smart contracts, even after they have been retired from active use.
Raydium confirmed that the affected pools were no longer accessible through its official user interface, adding that current users, active liquidity pools, and ongoing trading operations were not impacted by the exploit. The attack was limited to deprecated infrastructure that had remained deployed on the blockchain.
While the protocol’s active ecosystem remains secure, the incident shows that abandoned on-chain contracts can still become attractive targets if they continue to hold valuable assets, highlighting the importance of properly securing or decommissioning legacy DeFi infrastructure.
How the Exploit Drained the Legacy Pools
Investigators found that the attacker exploited a vulnerability in Raydium’s legacy AMM V3 program by manipulating the supply of a fake liquidity provider (LP) token. This allowed the attacker to trick the protocol into recognizing counterfeit liquidity and withdraw genuine assets from the affected pools.
By bypassing the program’s mint validation checks, the attacker was able to remove liquidity without holding the legitimate LP tokens that normally represent ownership of the assets. The exploit ultimately drained five deprecated liquidity pools that had remained on-chain despite no longer being supported through Raydium’s interface.
The stolen funds included approximately:
- 150,177 RAY
- 5,603 SOL
- 893,700 USDC
The combined value of the stolen assets was estimated at around $1.3 million at the time of the attack. Security researchers added that the exploit was isolated to Raydium’s outdated infrastructure and did not affect its current trading system or active liquidity pools.
Raydium Says Current Users Were Not Affected
After the exploit, Raydium confirmed that the attack was limited to five legacy liquidity pools that had been retired since 2021 and were no longer part of the platform’s active system.
The protocol explained that these pools were no longer available through its user interface or supported by its latest software, meaning regular users could not access or interact with them. As a result, active liquidity pools, ongoing trades, and current user funds were unaffected by the incident.
Raydium’s statement reassured the community that the exploit targeted legacy on-chain infrastructure rather than the platform’s live trading system, limiting the impact to outdated pools no longer in active use.
Final Thoughts
The $1.3 million Raydium exploit targeted old liquidity pools that were no longer part of the platform’s active system, allowing an attacker to withdraw real assets through a fake token supply. Although current users and active pools were not affected, the incident shows that outdated smart contracts can still pose security risks if they remain on-chain with valuable funds. It also serves as a reminder that legacy blockchain infrastructure requires ongoing monitoring, even after it has been retired from regular use.
Frequently Asked Questions
What happened in the Raydium exploit?
Raydium suffered a security breach where attackers drained about $1.3 million in crypto by exploiting outdated liquidity pools on its network.
Which parts of Raydium were affected?
The exploit targeted five legacy liquidity pools from the platform’s older AMM V3 system. These pools were no longer active or visible on the current interface.
Why were these pools still vulnerable?
The affected pools were legacy contracts that remained on-chain even after being deprecated, making them a target despite no longer being in active use.
Can users recover the stolen funds?
At the time of reporting, recovery efforts are uncertain, and no confirmed recovery has been announced.